Privacy Policy
Last updated: November 24, 2025
This Privacy Policy describes how PostyDaily (“we”, “us”, “our”), operated from Rue 20 Mars Hammem Sousse, 4011 Tunisia, collects, uses, and protects your information when you use our website and services.
1. Explicit Declaration of Data We Collect
PostyDaily is built on Postiz, an open-source social media management platform. We collect only the data that Postiz requires to function and the data necessary to connect to social media platforms. Below is an exhaustive list of all data we collect:
Account Information
- Email address (for account creation and login)
- Username and password (encrypted)
- Account creation date and last login timestamp
- User preferences and settings
- Subscription plan and billing information (if applicable)
Social Media Connection Data
When you connect social media accounts, we collect:
- OAuth Tokens: Access tokens and refresh tokens to authenticate with social media platforms
- Profile Information: Display name, profile picture, email (as provided by the platform)
- Account IDs: Unique identifiers for your social media accounts
- Page/Channel IDs: Identifiers for pages, groups, or channels you manage
- Permission Scopes: List of permissions granted to our app
Content Data
- Post text, captions, and descriptions you create
- Images, videos, and media files you upload
- Hashtags and mentions
- Scheduled posting times and dates
- Draft and published post status
- Post metadata (publish time, platform, account)
Analytics and Insights Data
- Post engagement metrics (likes, comments, shares, views)
- Audience demographics (age, gender, location) as provided by platforms
- Follower growth statistics
- Best posting times based on historical performance
- Reach and impression data
- Click-through rates and link performance
Technical Data
- IP address (for security and fraud prevention)
- Browser type and version
- Device information (type, operating system)
- Log data (access times, pages viewed, errors)
- Cookies and similar tracking technologies
Communication Data
- Support ticket messages and attachments
- Email correspondence with our team
- Feedback and survey responses
Data We Do NOT Collect
We explicitly do NOT collect:
- Private messages or direct messages from social media platforms
- Friends lists or personal connections (unless explicitly needed for a feature you enable)
- Personal photos not related to business/creator accounts
- Payment card information (handled by payment processors)
- Sensitive personal data (health, religion, political views)
- Any data beyond what is necessary for social media management services
2. Cookies and Similar Technologies
We use cookies and similar tracking technologies to track activity on our Service and store certain information. The tracking technologies used are beacons, tags, and scripts, which collect and track information and help improve and analyze our Service.
How We Use Cookies
- Essential Cookies: Necessary for the website to function (e.g., login sessions).
- Preference Cookies: Remember your settings and preferences.
- Analytics Cookies: Help us understand how you use our service so we can improve it.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our Service.
3. Explicit API Usage Description for Each Platform
We are transparent about how we use APIs from each social media platform:
Meta Platforms (Facebook, Instagram, Threads)
We use the Meta APIs (Facebook Graph API and Instagram Graph API) ONLY to:
- Publish content (posts, images, videos) that you schedule through our platform
- Read insights and analytics for posts you've published
- Manage Facebook Pages and Instagram Business/Creator accounts you authorize
- Access basic profile metadata (name, profile picture, page ID)
- Retrieve engagement metrics (likes, comments, shares, reach)
- Schedule and manage post publishing times
We do NOT use Meta APIs to:
- Collect friends lists or personal connections
- Access inbox messages or private conversations
- Access personal photos not related to your business pages
- Post content without your explicit authorization
- Access data from accounts you haven't connected
We comply with Meta's Platform Terms: https://developers.facebook.com/terms
LinkedIn API Usage
We use the LinkedIn API ONLY to:
- Publish professional content to your LinkedIn profile or company pages
- Retrieve post analytics and engagement metrics
- Access your professional profile information (name, headline, profile photo)
- Manage company pages you administer
- Schedule posts for optimal timing
We do NOT use LinkedIn APIs to:
- Access your private connections or network graph
- Send messages on your behalf
- Access job applications or private messages
- Scrape member data
We comply with LinkedIn's API Terms of Use: https://www.linkedin.com/legal/l/api-terms-of-use
TikTok API Usage
We use the TikTok API ONLY to:
- Publish video content you create or upload through our platform
- Retrieve video performance metrics (views, likes, shares, comments)
- Access your creator profile information
- Manage posting schedules
- Retrieve audience demographics and insights
We do NOT use TikTok APIs to:
- Access your private messages
- Access your following/follower lists beyond aggregate statistics
- Engage with content on your behalf without authorization
- Access personal videos not intended for publication
We comply with TikTok's Developer Terms: https://developers.tiktok.com/doc/terms-of-service
4. How We Use Your Information
We use the information we collect exclusively for the following lawful purposes, based on your consent, contract performance, legitimate interests, and legal obligations:
- Provide, maintain, and improve our social media management services
- Schedule and publish posts to your connected social media accounts
- Analyze engagement metrics and provide insights dashboards
- Send you technical notices, support messages, and service updates
- Respond to your comments, questions, and support requests
- Detect and prevent fraud, abuse, and security threats
- Comply with legal obligations and enforce our terms
- Optimize posting times based on your historical performance
No Selling or Sharing of Platform Data
We do NOT and will NEVER:
- Sell your Facebook, Instagram, TikTok, LinkedIn, or any social media data to third parties
- Rent or lease your data to advertisers or data brokers
- Share your social media analytics with competitors
- Use your content for any purpose other than publishing it to your authorized platforms
- Transfer your data to third parties except as necessary to provide the service (e.g., publishing to the social media platforms you authorize)
- Use your data for targeted advertising unrelated to our service
- Use API data for surveillance, discrimination, or any purpose outside the explicit service functionality
Your data is shared ONLY with:
- The social media platforms you explicitly authorize (to publish your content)
- Our secure infrastructure providers (for hosting and data storage)
- Payment processors (only for billing information, if applicable)
- Law enforcement or regulatory authorities (only when legally required)
5. Social Media Account Access
When you connect your social media accounts to PostyDaily, we request specific permissions to:
- Post content on your behalf
- Access analytics and insights
- Manage your content calendar
We only access the data necessary to provide our services and never share your social media credentials.
6. Third-Party Services & Infrastructure
Our service integrates with various social media platforms, such as Facebook, Instagram, LinkedIn, TikTok, and others supported from time to time. Please review their respective privacy policies.
To provide our services, PostyDaily uses the following third-party infrastructure. We only use reputable providers that implement strong security measures and operate as data processors under written agreements:
Postiz (Self-Hosted Infrastructure)
PostyDaily is built on Postiz, an open-source social media management platform that we host and maintain on our own servers. Here's what you need to know:
- Data Processing: Postiz processes your data as part of providing social media management services
- Data Control: We maintain full control over the Postiz instance and your data
- Self-Hosted: The Postiz software runs on infrastructure we control, not on third-party Postiz servers
- Open Source: Postiz is open-source software available at https://postiz.com
- No Data Sharing: Your data is not shared with Postiz or any Postiz-operated services
- Responsibility: PostyDaily remains the data controller and is fully responsible for data protection
We use Postiz without modifications to ensure stability and receive security updates. All data stored by Postiz is under our direct control and subject to this Privacy Policy.
7. Social Media Platform Data Collection and Usage
When you connect your social media accounts to PostyDaily, we collect and process data from these platforms to provide our services. Here's what we collect from each platform:
Facebook and Instagram Data
When you connect Facebook or Instagram accounts, we may collect:
- Profile information (name, profile picture, email address)
- Page access tokens and permissions
- Posts, images, videos, and captions you create through our platform
- Post insights and analytics (reach, engagement, impressions)
- Audience demographics and engagement metrics
- Scheduled post content and publishing times
- Comments and interactions on your posts (if you enable this feature)
We use Facebook and Instagram APIs in compliance with Meta's Platform Terms. We only access data necessary to provide posting, scheduling, and analytics features. We do not access your private messages, friends list, or personal photos not related to business accounts.
LinkedIn Data
When you connect your LinkedIn account, we may collect:
- Professional profile information (name, headline, profile photo)
- Company pages you manage
- Post content and engagement metrics
- Follower demographics and analytics
- Connection statistics (with your explicit permission)
We handle LinkedIn data in accordance with LinkedIn's API Terms of Use and professional data protection standards.
TikTok Data
When you connect your TikTok account, we may collect:
- Creator profile information
- Video metadata and captions
- View counts, likes, shares, and comments
- Follower demographics and growth metrics
- Trending hashtags and performance analytics
We process TikTok data in compliance with TikTok's Developer Terms of Service and applicable data protection regulations.
How We Use Social Media Data
We use the data collected from your social media accounts to:
- Publish and schedule content on your behalf
- Provide analytics dashboards showing post performance
- Generate insights about your audience and engagement
- Enable content calendar and planning features
- Optimize posting times based on historical performance
- Send you notifications about scheduled posts and performance
Data Sharing with Social Media Platforms
We share data with social media platforms only as necessary to provide services:
- Your content (posts, images, videos) is transmitted to the platforms you authorize
- Authentication tokens are used to access platform APIs
- We do not sell your social media data to third parties
- We do not share your data with advertisers or data brokers
Data Retention for Social Media Content
We retain social media data as follows:
- Scheduled posts: Until published or deleted by you
- Analytics data: Up to 24 months for historical comparisons
- Draft content: Until you publish or delete it
- Account connection data: Duration of account connection + 30 days after disconnection
You can request deletion of your social media data at any time by disconnecting your accounts or contacting us.
8. Your Rights (GDPR, CCPA & International Data Protection)
PostyDaily respects your privacy rights under various data protection regulations, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable laws. For California residents, we do not sell or share your personal information as those terms are defined under the California Consumer Privacy Act (CCPA), as amended by the CPRA.
Rights for All Users
- Right to Access: Request a copy of all personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Deletion: Request deletion of your data (see Data Deletion section below)
- Right to Data Portability: Request your data in a machine-readable format
- Right to Restrict Processing: Limit how we use your data
- Right to Object: Object to certain types of processing
- Right to Withdraw Consent: Withdraw any consent you've previously given
How to Exercise Your Rights
To exercise any of these rights, please contact us at support@postydaily.com. We will respond within 30 days.
GDPR-Specific Information
For users in the European Union:
- Legal Basis for Processing: We process your data based on:
  - Your consent (when you create an account and connect social media accounts)
  - Contract performance (to provide our services)
  - Legitimate interests (to improve our services and prevent fraud)
  - Legal obligations (to comply with applicable laws)
- Data Controller: PostyDaily, Rue 20 Mars Hammem Sousse, 4011 Tunisia
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority
- International Data Transfers: If we transfer your data outside the EU/EEA, we ensure appropriate safeguards through Standard Contractual Clauses or other approved mechanisms
Data Deletion Instructions
How to Request Account and Data Deletion:
If you wish to permanently delete your PostyDaily account and all associated data, please send an email to support@postydaily.com with the subject line "Account Deletion Request".
Deletion Process
- Send an email from your registered email address stating that you want to delete your account and data
- Our technical service team will verify your identity
- We will process your deletion request within 30 days
- You will receive a confirmation email once the deletion is complete
What Gets Deleted
- Your account credentials and profile information
- All social media connection tokens and authorization data
- Your scheduled and draft posts
- Analytics and insights data we've cached
- Any content you've uploaded to our platform
What May Be Retained
For legal compliance and security purposes, we may retain:
- Transaction records and billing information (as required by law)
- Logs related to fraud prevention or security incidents
- Anonymous usage statistics (with all personal identifiers removed)
Note: Content already published to social media platforms (Facebook, Instagram, TikTok, LinkedIn, etc.) is not deleted from those platforms. You must delete that content directly through each platform.
9. Security Practices
We take the security of your data very seriously and implement industry-standard security measures to protect your information. Access tokens and similar credentials are stored securely and only used to perform actions you request (such as publishing scheduled posts). However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
Encryption
- Data in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL (Transport Layer Security) with a minimum of 256-bit encryption
- Data at Rest: Sensitive data stored on our servers is encrypted using AES-256 encryption
- Password Security: User passwords are hashed using bcrypt with salt before storage
Access Control
- Multi-factor authentication available for user accounts
- Role-based access control for our team members
- Strict access logs and monitoring
- Regular security audits and penetration testing
- Principle of least privilege for all system access
Secure Storage
- Data stored on secure, reputable cloud infrastructure
- Regular automated backups with encryption
- Geographically distributed servers for redundancy
- Database-level encryption for sensitive fields
OAuth Token Security
- Social media access tokens are encrypted in our database
- Tokens are never logged or exposed in plain text
- Automatic token refresh using secure OAuth 2.0 protocols
- Tokens are immediately revoked when you disconnect an account
- Regular token rotation for enhanced security
Additional Security Measures
- Regular security updates and patches applied to all systems
- Firewall protection and intrusion detection systems
- DDoS protection and rate limiting
- Secure coding practices and code reviews
- Employee security training and background checks
- Incident response plan for security breaches
10. Webhook and Data Transfer Policies
As a social media scheduling platform, we use various technologies to securely transfer your data to social media platforms:
OAuth Token Management
- Storage: OAuth access tokens and refresh tokens are encrypted using AES-256 before being stored in our database
- Refresh Mechanism: We automatically refresh expiring tokens using secure OAuth 2.0 refresh token protocols
- Scope Limitation: We only request the minimum permissions necessary for our services
- Token Revocation: When you disconnect an account, we immediately revoke all associated tokens and delete them from our systems
- No Token Sharing: We never share your OAuth tokens with third parties or use them for purposes beyond your explicit authorization
Webhook Security
- All incoming webhooks are validated using cryptographic signatures
- Webhook endpoints are protected with authentication tokens
- Rate limiting is applied to prevent abuse
- Webhook payloads are processed in isolated environments
- Failed webhook attempts are logged for security monitoring
Data Transfer to Social Media Platforms
- Content is transferred only to platforms you explicitly authorize
- All API calls to social media platforms use HTTPS encryption
- We comply with rate limits and platform guidelines for all APIs
- Failed posts are retried with exponential backoff to prevent service abuse
- Transfer logs are maintained for debugging but contain no sensitive content
Transaction Integrity
- All post publishing operations are atomic (succeed completely or fail completely)
- We maintain publish logs to ensure posts are not duplicated or lost
- You can review all scheduled and published posts in your dashboard
11. Children's Privacy
Our Service is not directed to individuals under 18, and we do not knowingly collect personal data from anyone under 18. If we learn that we have collected such data, we will delete it.
12. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.
13. Contact Us & Data Protection
If you have any questions about this Privacy Policy, data protection, or wish to exercise your rights, please contact us:
- Email: support@postydaily.com
- Phone: +21621211119
- Address: Rue 20 Mars Hammem Sousse, 4011 Tunisia
For GDPR-related inquiries or to contact our data protection contact person, please email support@postydaily.com with "GDPR Request" in the subject line.